feat(storage): add PublicAccessPrevention samples

Adds samples for 3 new region tags for PublicAccessPrevention feature. See library PR at googleapis/google-cloud-go#3608
tritone · Jan 26, 2021 · 8d2a042 · 8d2a042
1 parent c789b28
commit 8d2a042
Show file tree

Hide file tree

Showing 4 changed files with 200 additions and 0 deletions.
diff --git a/storage/buckets/buckets_test.go b/storage/buckets/buckets_test.go
@@ -353,6 +353,56 @@ func TestUniformBucketLevelAccess(t *testing.T) {
 	}
 }
 
+func TestPublicAccessPrevention(t *testing.T) {
+	tc := testutil.SystemTest(t)
+	bucketName := tc.ProjectID + "-storage-buckets-tests"
+
+	ctx := context.Background()
+	testutil.CleanBucket(ctx, t, tc.ProjectID, bucketName)
+
+	client, err := storage.NewClient(ctx)
+	if err != nil {
+		t.Fatalf("storage.NewClient: %v", err)
+	}
+	defer client.Close()
+
+	if err := setPublicAccessPreventionEnforced(ioutil.Discard, bucketName); err != nil {
+		t.Errorf("setPublicAccessPreventionEnforced: %v", err)
+	}
+	// Verify that PublicAccessPrevention was set correctly.
+	attrs, err := client.Bucket(bucketName).Attrs(ctx)
+	if err != nil {
+		t.Fatalf("Bucket(%q).Attrs: %v", bucketName, err)
+	}
+	if attrs.PublicAccessPrevention != storage.PublicAccessPreventionEnforced {
+		t.Errorf("PublicAccessPrevention: got %v, want %v", attrs.PublicAccessPrevention.String(), storage.PublicAccessPreventionEnforced.String())
+	}
+
+	buf := new(bytes.Buffer)
+	if err := getPublicAccessPrevention(buf, bucketName); err != nil {
+		t.Errorf("getPublicAccessPrevention: %v", err)
+	}
+	// Verify that the correct value was printed.
+	got := buf.String()
+	want := "Public access prevention is enforced"
+	if !strings.Contains(got, want) {
+		t.Errorf("getPublicAccessPrevention: got %v, want %v", got, want)
+	}
+
+	if err := setPublicAccessPreventionUnspecified(ioutil.Discard, bucketName); err != nil {
+		t.Errorf("setPublicAccessPreventionUnspecified: %v", err)
+	}
+	// Verify that PublicAccessPrevention was set correctly.
+	attrs, err = client.Bucket(bucketName).Attrs(ctx)
+	if err != nil {
+		t.Fatalf("Bucket(%q).Attrs: %v", bucketName, err)
+	}
+	if attrs.PublicAccessPrevention != storage.PublicAccessPreventionUnspecified {
+		t.Errorf("PublicAccessPrevention: got %v, want %v", attrs.PublicAccessPrevention.String(), storage.PublicAccessPreventionUnspecified.String())
+	}
+
+}
+
 func TestLifecycleManagement(t *testing.T) {
 	tc := testutil.SystemTest(t)
 	bucketName := tc.ProjectID + "-storage-buckets-tests"

diff --git a/storage/buckets/get_public_access_prevention.go b/storage/buckets/get_public_access_prevention.go
@@ -0,0 +1,48 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package buckets
+
+// [START storage_get_public_access_prevention]
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	"cloud.google.com/go/storage"
+)
+
+// getPublicAccessPrevention gets the current public access prevention setting
+// for the bucket.
+func getPublicAccessPrevention(w io.Writer, bucketName string) error {
+	// bucketName := "bucket-name"
+	ctx := context.Background()
+	client, err := storage.NewClient(ctx)
+	if err != nil {
+		return fmt.Errorf("storage.NewClient: %v", err)
+	}
+	defer client.Close()
+
+	ctx, cancel := context.WithTimeout(ctx, time.Second*10)
+	defer cancel()
+
+	attrs, err := client.Bucket(bucketName).Attrs(ctx)
+	if err != nil {
+		return fmt.Errorf("Bucket(%q).Attrs: %v", bucketName, err)
+	}
+	fmt.Fprintf(w, "Public access prevention is %v for %v", attrs.PublicAccessPrevention.String(), bucketName)
+	return nil
+}
+// [END storage_get_public_access_prevention]
diff --git a/storage/buckets/set_public_access_prevention_enforced.go b/storage/buckets/set_public_access_prevention_enforced.go
@@ -0,0 +1,51 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package buckets
+
+// [START storage_set_public_access_prevention_enforced]
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	"cloud.google.com/go/storage"
+)
+
+// setPublicAccessPreventionEnforced sets public access prevention to
+// "enforced" for the bucket.
+func setPublicAccessPreventionEnforced(w io.Writer, bucketName string) error {
+	// bucketName := "bucket-name"
+	ctx := context.Background()
+	client, err := storage.NewClient(ctx)
+	if err != nil {
+		return fmt.Errorf("storage.NewClient: %v", err)
+	}
+	defer client.Close()
+
+	ctx, cancel := context.WithTimeout(ctx, time.Second*10)
+	defer cancel()
+
+	bucket := client.Bucket(bucketName)
+	setPublicAccessPrevention := storage.BucketAttrsToUpdate{
+		PublicAccessPrevention: storage.PublicAccessPreventionEnforced,
+	}
+	if _, err := bucket.Update(ctx, setPublicAccessPrevention); err != nil {
+		return fmt.Errorf("Bucket(%q).Update: %v", bucketName, err)
+	}
+	fmt.Fprintf(w, "Public access prevention is 'enforced' for %v", bucketName)
+	return nil
+}
+// [END storage_set_public_access_prevention_enforced]
diff --git a/storage/buckets/set_public_access_prevention_unspecified.go b/storage/buckets/set_public_access_prevention_unspecified.go
@@ -0,0 +1,51 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package buckets
+
+// [START storage_set_public_access_prevention_unspecified]
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	"cloud.google.com/go/storage"
+)
+
+// setPublicAccessPreventionUnspecified sets public access prevention to
+// "unspecified" for the bucket.
+func setPublicAccessPreventionUnspecified(w io.Writer, bucketName string) error {
+	// bucketName := "bucket-name"
+	ctx := context.Background()
+	client, err := storage.NewClient(ctx)
+	if err != nil {
+		return fmt.Errorf("storage.NewClient: %v", err)
+	}
+	defer client.Close()
+
+	ctx, cancel := context.WithTimeout(ctx, time.Second*10)
+	defer cancel()
+
+	bucket := client.Bucket(bucketName)
+	setPublicAccessPrevention := storage.BucketAttrsToUpdate{
+		PublicAccessPrevention: storage.PublicAccessPreventionUnspecified,
+	}
+	if _, err := bucket.Update(ctx, setPublicAccessPrevention); err != nil {
+		return fmt.Errorf("Bucket(%q).Update: %v", bucketName, err)
+	}
+	fmt.Fprintf(w, "Public access prevention is 'unspecified' for %v", bucketName)
+	return nil
+}
+// [END storage_set_public_access_prevention_unspecified]